How to install and configure SSH server on Ubuntu 16.04
SSH is easily one of the first and most useful tools that gets installed on a server to perform remote system administration. Let’s learn how to install and configure it on Ubuntu 16.04 Xenial Xerus.
So what is SSH?
If you’re asking this, well you’re not in the right place. Before you go and configure a server, you should understand how SSH works and how to use its client. You can wait forever to learn a fundamental skill, or do it now reading this post.
Install SSH server
By default, an SSH server should be already installed on your system. If that is not the case let’s install it. There are a few servers that you can choose from, but we’ll focus on OpenSSH, one of the oldest and probably the most popular one. We can install it by typing:
# apt install -y openssh-server openssh-client
This will install also the client (that is always useful). This process will also generate the host key. Next step is to start and enable the service. Since Ubuntu 15.04, Ubuntu uses systemD. So let’s do it:
# systemctl start sshd # systemctl enable sshd
The last step is to open a port in the firewall. By default Ubuntu uses ufw (the uncomplicated firewall) as its default firewall.
# ufw allow ssh # ufw reload
This is it. You now have a functioning SSH server. It can indeed work like this, but you should also take a few minutes to configure your new SSH server. First you should familiarize with the configuration folder: /etc/ssh . You will find a few files inside this folder, the configuration of the server resides however in the sshd_config file.
Configuring SSH server
There are many many configuration options, we’ll cover the most important ones.
Port 22 # Tells sshd to listen on the port AddressFamily any # Listen on IPv4 or IPv6 only or both ListenAddress 0.0.0.0 # Listen on the address specified, can use both IPv4 and IPv6 PermitRootLogin no # Allow root to use ssh, it should always be set to no MaxAuthTries 6 # Defines the number of tries allowed during login MaxSessions 10 # Defines the maximum number of simultaneous connections PubkeyAuthentication yes # If set to yes enables the use of public key authentication PasswordAuthentication yes # This will enforce key-based if set to no and ask passwords if set to yes
This is by no mean a complete list, but shows you the most used (and important) options. If you’re willing here’s the complete list. Be sure to reload sshd for the changes to take effect
# systemctl reload sshd
Also, changing the port or the address will require a restart of the SSH server.
You now know how to install and modify the basic configuration of OpenSSH server, but there are quite a few things we didn’t mention: e.g. if you wanted to change the port on which SSH listens you should change the Port option, however that wouldn’t be enough. You must inform the firewall in order for that to work (if enabled), and if they are installed also SELinux or AppArmor. Since these are quite advanced things and go beyond the scope of the article itself, we won’t address them.
Image courtesy of kev-shine